Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/326130323a323633303a3a2f33322d3332203d3e203135343139.roa
File:                     326130323a323633303a3a2f33322d3332203d3e203135343139.roa (raw, json)
Hash identifier:          ysNMOtywfh1ARPKCbUE+O+K4YEKjz0xe1hxdTS7Izrs=
Subject key identifier:   DD:DA:B4:48:4D:BA:81:4D:B4:6E:AD:8B:C6:92:6D:0B:2F:99:6A:F0
Certificate issuer:       /CN=9df85997b1b9b358e1c43f36765aa0a4a02144ae
Certificate serial:       04C95AEE542978C9E1D9F01E1F7D383479DD8ADC
Authority key identifier: 9D:F8:59:97:B1:B9:B3:58:E1:C4:3F:36:76:5A:A0:A4:A0:21:44:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nfhZl7G5s1jhxD82dlqgpKAhRK4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/326130323a323633303a3a2f33322d3332203d3e203135343139.roa
Signing time:             Fri 07 Jul 2023 08:08:17 +0000
ROA not before:           Fri 07 Jul 2023 08:03:17 +0000
ROA not after:            Fri 05 Jul 2024 08:08:17 +0000
asID:                     15419
IP address blocks:        2a02:2630::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/9DF85997B1B9B358E1C43F36765AA0A4A02144AE.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/9DF85997B1B9B358E1C43F36765AA0A4A02144AE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nfhZl7G5s1jhxD82dlqgpKAhRK4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 01 Jun 2024 16:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:c9:5a:ee:54:29:78:c9:e1:d9:f0:1e:1f:7d:38:34:79:dd:8a:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9df85997b1b9b358e1c43f36765aa0a4a02144ae
        Validity
            Not Before: Jul  7 08:03:17 2023 GMT
            Not After : Jul  5 08:08:17 2024 GMT
        Subject: CN=DDDAB4484DBA814DB46EAD8BC6926D0B2F996AF0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:af:e2:78:ba:5b:67:82:96:cd:29:87:ea:33:
                    20:85:03:28:27:a2:b2:3c:b6:50:9e:0c:e2:3d:8f:
                    dc:a6:75:c1:9c:1d:7b:f9:69:3b:60:7c:dd:b0:8e:
                    65:22:c4:21:c9:48:03:fe:81:b1:69:5f:dc:21:68:
                    73:12:66:69:74:4a:22:2e:02:fe:95:94:61:c6:b0:
                    4d:06:24:a9:86:c4:e3:72:ea:df:e7:8a:50:38:c9:
                    92:40:a6:89:a9:46:e6:39:b1:1c:aa:4e:72:e0:c3:
                    a3:05:90:81:71:f5:8a:04:72:ae:91:d0:47:09:36:
                    97:84:e4:74:15:2f:5e:c3:f9:68:c5:bb:4b:1c:ee:
                    20:cb:ae:1f:b1:4e:e5:94:84:b6:f2:67:79:bd:8b:
                    51:80:5d:cc:42:fb:0e:46:df:dc:cb:ac:7e:3d:95:
                    c0:af:1e:d9:81:5d:e1:2a:07:06:e5:8f:cf:49:77:
                    f4:a7:fe:31:5c:5c:de:5d:da:07:f5:96:2b:70:ed:
                    0b:47:8b:7d:ea:2c:57:4b:88:26:e5:45:90:aa:9b:
                    c2:f8:55:ef:2f:7e:38:61:d8:4d:1e:ad:13:ed:4f:
                    ac:4e:a3:c2:ba:bb:9f:1d:ca:03:21:39:f0:d8:cd:
                    c1:80:de:59:85:06:24:f9:81:57:10:b0:07:46:bc:
                    bd:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:DA:B4:48:4D:BA:81:4D:B4:6E:AD:8B:C6:92:6D:0B:2F:99:6A:F0
            X509v3 Authority Key Identifier:
                keyid:9D:F8:59:97:B1:B9:B3:58:E1:C4:3F:36:76:5A:A0:A4:A0:21:44:AE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/9DF85997B1B9B358E1C43F36765AA0A4A02144AE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nfhZl7G5s1jhxD82dlqgpKAhRK4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/326130323a323633303a3a2f33322d3332203d3e203135343139.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:2630::/32

    Signature Algorithm: sha256WithRSAEncryption
         59:62:1b:4a:95:45:b2:1a:8f:92:cc:00:a4:2c:db:f0:fb:cd:
         f6:c9:e7:d4:35:b1:61:75:9e:d5:17:37:6d:b7:58:bb:cd:82:
         a7:e9:b7:18:df:f6:43:08:0f:c6:8f:af:db:1f:83:2c:78:78:
         9b:90:a2:66:9d:e2:d3:a5:91:a3:ef:30:3c:13:6a:a4:f5:09:
         b1:fa:66:37:a2:41:9f:04:38:3e:4e:a4:cf:61:32:ef:db:81:
         53:56:37:c7:8b:e6:27:66:8e:ba:85:1f:1c:7f:4e:5b:f4:60:
         0f:69:7d:22:82:79:28:a2:24:fb:b4:1e:5e:24:03:54:5d:11:
         c4:2d:76:9b:47:a8:fb:da:62:1c:c7:ca:0e:37:d9:01:b3:41:
         cf:a6:dc:65:61:f0:bb:dc:a7:82:c6:54:46:c3:79:f8:9b:05:
         ba:16:9e:58:30:97:8a:e1:36:c1:b1:91:d9:da:f8:8e:e4:34:
         d9:16:da:e7:fd:fd:4d:57:eb:86:e9:23:9f:e7:94:b2:7f:36:
         78:ea:0f:14:14:23:e0:4f:2b:9c:d2:67:df:bb:20:ea:4f:0e:
         b5:04:40:99:aa:c7:f6:97:58:05:2f:93:32:fe:6b:c5:53:80:
         cf:03:86:0b:be:a4:52:5f:0f:b8:2f:2a:ba:2d:3c:c7:81:f8:
         1c:4a:67:4d
-----BEGIN CERTIFICATE-----
MIIFMjCCBBqgAwIBAgIUBMla7lQpeMnh2fAeH304NHnditwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWRmODU5OTdiMWI5YjM1OGUxYzQzZjM2NzY1YWEwYTRh
MDIxNDRhZTAeFw0yMzA3MDcwODAzMTdaFw0yNDA3MDUwODA4MTdaMDMxMTAvBgNV
BAMTKEREREFCNDQ4NERCQTgxNERCNDZFQUQ4QkM2OTI2RDBCMkY5OTZBRjAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrr+J4ultngpbNKYfqMyCFAygn
orI8tlCeDOI9j9ymdcGcHXv5aTtgfN2wjmUixCHJSAP+gbFpX9whaHMSZml0SiIu
Av6VlGHGsE0GJKmGxONy6t/nilA4yZJApompRuY5sRyqTnLgw6MFkIFx9YoEcq6R
0EcJNpeE5HQVL17D+WjFu0sc7iDLrh+xTuWUhLbyZ3m9i1GAXcxC+w5G39zLrH49
lcCvHtmBXeEqBwblj89Jd/Sn/jFcXN5d2gf1litw7QtHi33qLFdLiCblRZCqm8L4
Ve8vfjhh2E0erRPtT6xOo8K6u58dygMhOfDYzcGA3lmFBiT5gVcQsAdGvL2pAgMB
AAGjggI8MIICODAdBgNVHQ4EFgQU3dq0SE26gU20bq2LxpJtCy+ZavAwHwYDVR0j
BBgwFoAUnfhZl7G5s1jhxD82dlqgpKAhRK4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDAyZTBiYTMtZmU2MC00NWIxLTkxNjAtODY4YTJmOGE0
M2IxLzMvOURGODU5OTdCMUI5QjM1OEUxQzQzRjM2NzY1QUEwQTRBMDIxNDRBRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL25maFpsN0c1czFqaHhEODJkbHFncEtB
aFJLNC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMDAyZTBiYTMt
ZmU2MC00NWIxLTkxNjAtODY4YTJmOGE0M2IxLzMvMzI2MTMwMzIzYTMyMzYzMzMw
M2EzYTJmMzMzMjJkMzMzMjIwM2QzZTIwMzEzNTM0MzEzOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACoC
JjAwDQYJKoZIhvcNAQELBQADggEBAFliG0qVRbIaj5LMAKQs2/D7zfbJ59Q1sWF1
ntUXN223WLvNgqfptxjf9kMID8aPr9sfgyx4eJuQomad4tOlkaPvMDwTaqT1CbH6
ZjeiQZ8EOD5OpM9hMu/bgVNWN8eL5idmjrqFHxx/Tlv0YA9pfSKCeSiiJPu0Hl4k
A1RdEcQtdptHqPvaYhzHyg432QGzQc+m3GVh8Lvcp4LGVEbDefibBboWnlgwl4rh
NsGxkdna+I7kNNkW2uf9/U1X64bpI5/nlLJ/NnjqDxQUI+BPK5zSZ9+7IOpPDrUE
QJmqx/aXWAUvkzL+a8VTgM8Dhgu+pFJfD7gvKrotPMeB+BxKZ00=
-----END CERTIFICATE-----